Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Bilibili Video

v1.0.0

Bilibili video subtitle extraction and audio transcription tool. Built on bilibili-api-python, with built-in WBI signing to get past anti-scraping checks. Three-level fallback strategy: CC subtitles → AI subtitles (9 languages) → audio download + ASR transcription. Use when: (1) the user provides a Bilibili video link or a BV/AV/EP/SS number and asks for the subtitles or text content (2...

by Madoka@guoqunabc
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description match the code and SKILL.md: the scripts call bilibili-api-python, download subtitles/audio, support login via QR/cookies, and save transcripts. Requiring cookies and ffmpeg is reasonable for the described functionality.
! Instruction Scope
The runtime instructions and code perform exactly the advertised actions (fetch CC/AI subtitles, or download audio and call an ASR pipeline). However, the ASR step delegates to an external script (~/.openclaw/workspace/scripts/speech-to-text.sh) that is not included in the bundle. That external script receives the raw audio and (per SKILL.md) may call multiple STT/LLM providers (Feishu STT, Gemini, MiMo, Qwen). Because that script and its network behavior are not part of the skill bundle, the agent ends up transmitting user audio to whichever services that script contacts, a scope-creep / data-exfiltration risk unless the user inspects the script first.
Install Mechanism
This is instruction-only with bundled Python scripts (no install spec), so install risk is low. But SKILL.md asserts that dependencies are “已安装,每日自动更新” (“installed, auto-updated daily”, i.e. that bilibili-api-python keeps itself up to date) even though there is no install mechanism in the bundle; that is an environmental assumption/mismatch that should be clarified.
! Credentials
The skill does not request environment variables or credentials, which is appropriate. It does read and write a local cookie file (~/.openclaw/workspace/.bilibili_cookies.json) containing sensitive Bilibili cookies (SESSDATA, bili_jct, etc.) — this is expected for logged-in API access but is sensitive and should be understood. The bigger issue: ASR may require or use third-party API keys (not requested by the skill) and could leak audio/content to external services; those credentials/configurations would live outside the skill and are not declared, creating a hidden dependency and potential for unintended disclosure.
Persistence & Privilege
The skill's always flag is false and the skill does not request elevated system privileges. It writes its own cookie file and output under ~/.openclaw and /tmp/openclaw, which is normal for this function. It does not modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to do what it says (download subtitles/audio and optionally transcribe the audio), but take these precautions before installing or running it:
(1) Inspect the external ASR script at ~/.openclaw/workspace/scripts/speech-to-text.sh before use. It receives raw audio and may send it to third-party STT/LLM services, which could expose sensitive audio.
(2) Be aware that the skill stores Bilibili cookies in ~/.openclaw/workspace/.bilibili_cookies.json; only save cookies for accounts you trust and understand the privacy implications.
(3) Confirm that the required dependencies (bilibili-api-python, aiohttp, ffmpeg, opencc) exist in your environment. The skill claims auto-updates but includes no installer.
(4) If you need to prevent any external network calls for transcription, disable ASR (use --no-asr) or supply a vetted local speech-to-text implementation.
(5) If you want higher assurance, run the skill in an isolated environment/container and review or provide the ASR tooling yourself.
If the ASR script or any referenced third-party provider is not audited/known, treat audio output as potentially exfiltrated.


latest: vk979fpccbbx3ac3w19bxh2dkjd83kaka
